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METHODS FOR PERFORMING TRANSACTIONS IN A WIRELESS ENVIRONMENT 

INTRODUCTION 

[0001] The present invention provides methods for performing transactions in wireless 
environments and for selecting the interface and application which will be used in the transaction. 
More specifically, the present invention provides methods for utilizing an electronic device, such as 
an integrated circuit card, which is capable of communicating with a point of sale terminal across 
both a wireless interface and physical contacts present on the card to select the application to be used 
in the transaction, the interface to be used, and to inform the point of sale terminal of the appropriate 
data formats which will be used in the transaction. 

CROSS-REFERENCES 

[0002] This application claims priority to United States provisional patent application Serial 
No. 60/399,274, filed July 29, 2002 and entitled Contactless Credit Card Payment System and 
Method. 

BACKGROUND OF THE INVENTION 

[0003] Technological improvements have allowed businesses and individuals to engage in 
transactions in new and expanding environments. For example, payment of a transaction may now 
be made over a wireless interface such as in the case of a radio frequency or infrared enabled 
electronic device. For instance, radio frequency enabled credit cards, also commonly known as 
contactless cards, typically comprise an integrated circuit, and a coiled antennae. The integrated 
circuit of a contactless card, comprises a processor, memory such as random access memory or 
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electrically erasable-programmable read only memory ("EEPROM"), and a modulator/demodulator 

for impressing data on a radio frequency wave and decoding received data. The antennae is coiled 

through the interior of the contactless card and is used to communicate data with an external 

location. In addition, the coiled antennae inductively couples with an external electro-magnetic field 

and serves as a power source for the contactless card. In addition, wireless transactions may be 

conducted by any electronic device which is enabled to communicate transaction information over 

any wireless interface including, infrared, radio frequency, laser, or another frequency or 

communication means or protocol for use therewith. 

[0004] Contactless cards provide increased cost savings to the issuer of such cards because 

they do not require contact with a physical card-reading device to receive power or exchange 

information. Similarly, contactless integrated circuit cards provide significant convenience to the 

cardholder as they allow a consumer to conduct a transaction more quickly and conveniently than in 

a contact-based environment. For example, using contactless technology, a consumer could present 

the card for payment without having to locate their card in their wallet, physically provide the card to 

the merchant, await the merchant to properly read the card through physical means, receive the card 

back from the merchant, and replace the card in their wallet. Rather, using contactless technology, 

the transaction could be conducted without the consumer ever removing the card from their wallet. 

By eliminating the physical exchanges between the consumer and the merchant, contactless 

technology will result in significant overall time savings to the consumer even if actual processing 

time for contactless transactions is longer than for contact-based transactions. In addition, a 

contactless card never needs to leave the actual possession of the card holder as all of the data 

necessary to the transaction is transferred over a wireless interface. This feature itself provides the 

cardholder with a increased level of security as it reduces the likelihood that the card will be passed 
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through an unauthorized reader for purposes of skimming the data on the card and creating a 
counterfeit card. 

[0005] Nonetheless, these benefits must be balanced against the potential for security 
breaches which are presented by contactless cards that are not presented in a contact-based 
environment. In particular, different security issues arise where information is transmitted between a 
card and a contactless card reader which information may be intercepted during transmission. 
Potential security breaches which arise by the use of contactless cards include data "hijacking", data 
"pick-pocketing" and the "man in the middle" attack. 

[0006] Hijacking data occurs when a party not involved in a credit card transaction taps into 
the exchange of data occurring as part of the transaction to extract information being transmitted 
between a contactless card and a contactless card reader. Not surprisingly, the ability for a fraudulent 
device to obtain valid data is inversely proportional to the distance between the hijacking device and 
the card reader and/or the contactless card. In other words, as the hijacking device is permitted to be 
in closer proximity to card reader and/or the contactless card, the likelihood of the hijacking device 
successfully obtaining valid data from the transaction is increased. 

[0007] Pick-pocketing data occurs when a fraudulent device activates and reads the 
contactless card without the cardholder' s knowledge. Data pick-pocketing may even occur when the 
card is not being used in a transaction as the pick-pocketing device can activate the card and initiate a 
data exchange. Data is obtained from the card by the fraudulent device using legitimate commands 
causing the card to evaluate the data exchange as legitimate. Since a contactless card transmits data 
as radio frequency waves propagating from a single source, a contactless card may be subject to such 
an attack in locations and from sources of which the cardholder is not aware. Again, the ability for a 
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fraudulent device to obtain valid data is inversely proportional to the distance between the 
contactless card and the fraudulent device. 

[0008] A "man in the middle" attack occurs when an exchange between a contactless card 
and a legitimate card reader is unknowingly intercepted by a third and unauthorized device to the 
transaction. The third and unauthorized device to the transaction intercepts the data transmitted by 
the card, copies or otherwise manipulates such data, then transmits such data to the legitimate card 
reader. When the card reader is returning data or instructions to the card, the third device receives 
such data and transmits such data to the card. The transaction continues with the third device 
accepting and re-transmitting all data exchanged between the card and the legitimate card reader. In 
this fashion, the third device has access to all of the data of the transaction, without the knowledge of 
either the card holder or the merchant operated card reader. 

[0009] Because the security risks inherent in a contactless environment may require 
additional security measures to be performed to secure data during transmission, terminals 
interfacing with cards need to differentiate between contactless cards and cards that physically 
contact the terminal. Applications deployed on cards capable of contactless communication with a 
point of sale terminal may vary and require the use of different types of data, in different formats and 
with different processing requirements. For example, a single card as used in the present invention 
may simultaneously have deployed thereon applications which utilize magnetic stripe data and 
applications which utilize chip data. In this context, magnetic stripe data is that data which is 
commonly referred to in the industry as Track 1 and/or Track 2 data, as this data is commonly stored 
on those tracks of the magnetic stripe which appears on the back of non-integrated circuit enabled 
cards. Chip data is that data which is utilized in the so call smartcard transactions, such as for 
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example the Visa Smart Debit/Credit (VSDC) transactions, and is stored on memory residing on the 
card itself. 

[0010] Accordingly, utilizing an integrated circuit card to perform transactions across both a 
wireless interface with a point of sale terminal and across a contact interface require methods for 
selecting the application which will be used in the transaction, the interface which will be used in the 
transaction and the data format which will be used in the transaction. The present invention provides 
such methods and further provides for their use in the existing environment for credit and debit card 
transactions with minimal equipment changes to merchant and issuer or service provider equipment. 

SUMMARY OF THE INVENTION 

[0011] The present invention provides a method for performing a transaction between an 
electronic device, such as an integrated circuit card, and a point of sale terminal wherein the 
electronic device and the point of sale terminal can exchange data across either a contactless 
interface or a contact based interface. 

[0012] As described in more detail herein, the present invention enables the user of such an 
electronic device, referred to herein as a cardholder, to present to a merchant-operated point of sale 
terminal information regarding a payment service utilized by the cardholder. Once the cardholder 
presents the device to a point of sale terminal, the payment service to be used in performing the 
transaction is selected, the interface by which the transaction information will be exchanged is 
determined, and the format for exchanging data between the device and the terminal is determined. 
In a preferred embodiment, the cardholder will select the payment service to be utilized in the 
transaction from a list of services mutually supported by the point of sale terminal on the contactless 
card. 
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[0013] Further advantages and aspects of the present invention will become apparent to those 
of ordinary skill in the art upon reading and understanding the following detailed description of the 
preferred embodiments. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0014] The invention may take form in various components and arrangements of 
components, and in various steps and arrangements of steps. The drawings are only for purposes of 
illustrating the preferred embodiments and are not to be construed as limiting the invention. 

[0015] FIG. 1 depicts a system of the present in which a transaction is conducted over a 
wireless interface. 

[0016] FIG. 2 depicts an exemplary transaction flow for determining the information to be 
transmitted in a credit-based transaction according to an embodiment of the present invention. 

[0017] FIG. 3 illustrates an exemplary transaction flow for the processing occurring on an 
electronic device, such as an integrated circuit card, which is enabled to engage in a wireless 
transaction according to an embodiment of the present invention. 

[0018] FIG. 4 depicts an exemplary method of selecting an application to be used in a credit- 
based transaction according to an embodiment of the present invention. 

[0019] FIG. 5 illustrates an embodiment of the processing steps between an electronic device 
and a terminal in which the electronic device apprises the terminal of the data exchanged in a 
contactless transaction. 

[0020] FIG. 6 illustrates an alternate embodiment of the processing steps between an 
electronic device and a terminal in which the electronic device apprises the terminal of the profile of 
the data exchanged in a contactless transaction. 
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DETAILED DESCRIPTION OF THE INVENTION 

[0021] Before the present methods are described, it is to be understood that this invention is 
not limited to the particular methodologies or protocols described, as these may vary. It is also to be 
understood that the terminology used in the description is for the purpose of describing the particular 
versions or embodiments only, and is not intended to limit the scope of the present invention which 
will be limited only by the appended claims. In particular, although the present invention is 
described in conjunction with a financial transaction, it will be appreciated that the present invention 
may find use in any electronic exchange of data. 

[0022] It must also be noted that as used herein and in the appended claims, the singular 
forms "a", "an", and "the" include plural reference unless the context clearly dictates otherwise. 
Thus, for example, reference to a "record" is a reference to one or more records and equivalents 
thereof known to those skilled in the art, and so forth. Unless defined otherwise, all technical and 
scientific terms used herein have the same meanings as commonly understood by one of ordinary 
skill in the art. Although any methods similar or equivalent to those described herein can be used in 
the practice or testing of embodiments of the present invention, the preferred methods are now 
described. All publications mentioned herein are incorporated by reference. Nothing herein is to be 
construed as an admission that the invention is not entitled to antedate such disclosure by virtue of 
prior invention. 

[0023] For purposes of this application, "contactless" or "wireless" shall mean any 
communication method or protocol, including proprietary protocols, in which data is exchanged 
between two devices without the need for the two devices to be physically coupled. For example, 
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"contactless" or "wireless" shall include radio frequency, infrared, laser, any other communication 
means, and the use of any protocols, such as proprietary protocols, with such communication means. 

[0024] For purposes of this application, "card" or "device" shall mean an integrated circuit 
card which has been enabled to communicate with an external device over a wireless interface, an 
electronic device which has been enabled to communicate with an external device over a wireless 
interface, or any other device which is capable of exchanging data with an external device without 
physically coupling with said external device. For example, and without limiting the foregoing, 
"card" or "device" shall include an integrated circuit or so called smartcard, a memory chip card 
comprising flash or other memory means, a personal digital assistant, or a cellular phone. Preferably, 
a "card" or "device" will also be capable of communicating with an external device through physical 
contacts as well. 

[0025] For purposes of this application, "data exchange environment" shall mean the means 
by which applications are logically stored and organized on the card. For example, "data exchange 
environment" may include lists or root directories of one or more applications deployed on the 
device which may be organized according to functionality, processing requirements, the issuer or 
service provider which deployed the applications, or by some other criteria. 

[0026] The present invention provides a method by which a card can be used to accomplish a 
variety of transactions over a wireless interface. It is anticipated that a card used in the present 
invention does not operate solely in a contactless environment. Rather, it is expected that the card of 
the present invention may also be utilized in a contact-based environment in which the card must be 
physically placed in contact with (i.e. swiped through) a card reader. However, the methods of the 
present invention are equally effective if the card communicates with a terminal or card reader solely 
by way of a wireless interface. 
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[0027] As shown in FIG. 1, the present invention provides a mechanism for conducting a 
wireless transaction within the existing environment for credit or debit transactions with only 
minimal equipment changes. The card 101 is presented by the cardholder to a card reader 105. The 
card 101 communicates with the card reader 105 via wireless communication 110 such as radio 
frequency waves or infrared. The card reader 105 is connected to a terminal 115 or merchant 
computer which receives data from one or more card readers 105. Optionally, the card reader 105 
and the terminal 115 can be combined into a single device which performs both functions. The 
terminal 115 in turn communicates data across a distributed communications network 120 to an 
issuer or service provider computer 125. 

[0028] The interaction between the card and the terminal is depicted in FIG. 2. As shown in 
FIG. 2, the transaction is initiated when the cardholder presents the card to the terminal 200. The 
presentation of the card to the terminal may include the cardholder bringing the card within a certain 
distance of the card reader (for a contactless transaction). The presentation of the card to the card 
reader may also include the cardholder bringing the card into contact with the terminal (for a contact- 
based transaction). Once the card is presented to the terminal 200, the first decision point in FIG. 2 
is encountered in which the data exchange environment is selected 205. For example, the data 
exchange environment selected, may be the Proximity Payment Systems Environment, or PPSE, 
which comprises a list of supported Application Identifiers (AID), Application Labels (which 
provide identifying information regarding the application) and Application Priority Indicators. The 
second decision point is encountered next requiring a determination whether the requested 
transaction should take place via a contact interface or a contactless interface 210. Thereafter, the 
third and final decision point of FIG. 2 is encountered. This decision point requires a determination 

of the format for the data which will be exchanged in the transaction 215. For example, the data may 
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be formatted for a magnetic stripe transaction or may be formatted for a chip data transaction. Once 
the data format is selected, transaction data is exchanged between the card and the terminal 220 until 
the transaction has completed 225. 

[0029] When the card is presented to the terminal at step 200 in FIG. 2, the card begins a 
sequence of processing steps and decisions designed to appropriately select the application, interface 
and data profile for use in the transaction. FIG. 3 illustrates the transaction flow which occurs on the 
card in the present invention. The card based processing begins with selection of the data exchange 
environment to be utilized in the transaction 301. Once the data exchange environment is selected, 
data identifying the applications accessible in that data exchange environment is communicated to 
the terminal 305. This data may be communicated to the terminal by incorporating said datainto the 
AID for a chip data based transaction irrespective of which type of applications are available. Once 
this has occurred, the card selects which type of processing to use for the transaction, which selection 
may be based, in whole or in part, on the interface over which the transaction will occur 310. When 
the contact processing is selected 315, by placement of the card in the contact interface of the 
terminal to begin the data transmission process, the transaction will be processed as a chip data 
transaction, such as a VSDC transaction 320. When the contactless processing is selected 325, the 
card must then transmit data with the appropriate profile to permit appropriate handling by the 
terminal 330. Profile selection, as described in more detail below in conjunction with FIG. 5 and 
FIG. 6, allows the card to inform the terminal of whether a contactless magnetic strip data 335 or a 
contactless chip data 340 will be used to perform the transaction. 

[0030] The selection of the data exchange environment, as discussed above, may take any 
form or follow any methodology now known or hereafter developed. For example, the present 

invention may utilize the Payment System Environment, or PSE, currently utilized in contact-based 
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transactions modified to operated over a wireless interface or the Proximity Payment System 
Environment, or PPSE, for selecting the applications over a wireless interface. In a PPSE data 
exchange environment, the application which is selected for a given transaction is determined by the 
terminal. Standard PPSE operates by the terminal requesting information on the applications 
supported by the card. The card responds with the AID's for the supported applications and priority 
indicators for each application. The priority indicators indicate the card's preferences for which 
application should be used in the transaction. The terminal receives this information from the card 
and determines which of the applications supported by the card are also supported by the terminal. 
The terminal then selects the mutually supported application with the highest priority indicator as the 
application for use in the given transaction. 

[0031] In a preferred embodiment, the data exchange environment may comprise an 
improved PPSE. The improved PPSE of the present invention, as described below, allows the 
cardholder to make the selection of the application to be used in the transaction rather than allowing 
that selection to be performed automatically by the terminal. The improved PPSE, as shown in FIG. 
4, begins with the terminal requesting that the card, such as via a SELECT command, to identify the 
applications deployed on the card 400. The card transmits 405 this information over the wireless 
interface. The information transmitted comprises an identifier for each application and application 
labels which comprise information which can be used for identifying the applications to the 
cardholder. Application labels may include data such as a common name for the application. The 
terminal then determines which of the applications supported by the card are also supported by the 
terminal 410. The mutually supported applications are then displayed to the cardholder 415 who 
selects the application to use in the transaction 420. The terminal then requests data, directly from 
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the selected application 425. The application returns such data 430, and the application is initiated 

and data exchanged between the card and the terminal as required by the application selected. 

[0032] Since the card can supply the terminal with either magnetic stripe data or chip data, it 

is necessary that both the card and the terminal agree on the format and type of data being 

exchanged. The card will, of course, be aware of the format and type of data as the selection of the 

application and the interface occurs on the card. The format and type of data (also referred to as the 

profile of the data) is identified and transmitted to the terminal as shown in the embodiment of FIG. 

5 or the embodiment of FIG. 6. As shown FIG. 5, the terminal requests data from the card, such as 

via a SELECT command, 501 regarding the processing options for the transaction. The card 

responds with a list of processing options 505 which comprises one or more data tags requesting the 

terminal to provide data to the card which identifies the capability of the terminal to conduct 

magnetic stripe data transactions, chip data transactions, transactions where approval occurs offline 

including card-based approval transactions, all such types of transactions, or processing for any other 

data profile or processing capabilities. For example, the processing options may be set forth in a 

processing data objects list or PDOL. The terminal responds by indicating which transaction and/or 

data profiles it supports 510. For example, the terminal may provide this information to the card 

along with a Get Processing Options command. The card replies with two data objects 515. The 

first data object is a list of files and records associated with either a magnetic stripe based transaction 

or a chip data transaction (this file list may be referred to as the application file locator or AFL). The 

second data object is a list of functions to be performed in processing the transaction. This list of 

functions (also referred to as the Application Interchange Profile or AIP) indicates the capability of 

the card to support certain functions in the selected application. The AIP transmitted by the card will 

include an indicator, which indicates whether the card intends to send data in magnetic stripe format, 
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chip data format or some other format supported by both the card and the terminal. The terminal 
then requests from the card 520, and the card provides 525, the appropriately formatted record. This 
method may advantageously enable the terminal to anticipate the data format sent by the card. As 
such, the terminal may not need to parse the data record to determine the format of the data. 

[0033] In the alternate embodiment as shown in FIG. 6, the terminal requests from the card, 
such as via a SELECT command, 600 information regarding the processing options for the 
transaction. The card responds with a list of processing options 605 which comprises one or more 
data tags requesting the terminal to provide data to the card which identifies the capability of the 
terminal to conduct magnetic stripe data transactions, chip data transactions, transactions where 
approval occurs offline including card-based approval transactions, all such types of transactions, or 
any other data profile or processing capabilities. For example, the processing options may be set 
forth in a processing data objects list or PDOL. The terminal responds by indicating which 
transaction and/or data profiles it supports 610. For example, the terminal may provide this 
information to the card along with a Get Processing Options command. The card transmits an AFL 
and an AIP to the terminal 615. The terminal then requests from the card, a data record in either 
magnetic stripe format or chip data format 620. The card returns a data record with the necessary 
data formatted for either a magnetic stripe transaction or a chip data transaction 625. Included with 
the data record returned may be a data tag. The presence or absence of the data tag will be an 
indicator to the terminal of the profile of the data being received. For example, in an embodiment, 
the presence of the data tag indicates that the data received is in a magnetic stripe format while the 
absence of the data tag indicates the data has been sent in chip data format. In an alternate 
embodiment, the tag may be present if the data is sent in chip data format and may not be present if 
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the data is sent in magnetic stripe format. In either embodiment, the terminal is not aware of the data 
profile until the data is received from the card and processed by the terminal to interpret the tag. 

[0034] In an alternate embodiment, the present invention may be utilized when a plurality 
cards are placed in wireless communication with the terminal. For example, a cardholder may 
present his or her entire wallet in proximity to the terminal thus allowing each of the cards within the 
wallet to be in wireless communication with the terminal. In this embodiment, a plurality of cards 
are discovered by the terminal. The terminal then polls each of the cards to build a list of supported 
applications which are deployed on the plurality of cards as follows. Utilizing anti-collision 
procedures, the terminal selects a first card. The applications deployed on the first selected card and 
supported by the terminal are then identified on a list of available applications. The card is then 
placed in a "halt" state and the terminal determines if there are additional cards in communication 
with the terminal. This process is then repeated for each additional card in communication with the 
terminal. At the conclusion of this processing, the terminal will have compiled a list of all available 
applications deployed on any of the plurality of cards in wireless communication with the terminal 
which applications are also supported by the terminal. From this list of applications, the application 
to be used in processing the transaction may be selected utilizing any of the application selection 
processes of the present invention including use of priority indicators or displaying a list to the 
cardholder for selection. 

[0035] A transaction in the present invention may be conducted using no security techniques 

or one or more security techniques. Security techniques such as data encryption, dynamic data 

authentication, static data authentication, and cardholder verification methods maybe used as part of 

a transaction in the present invention. Further, in a preferred embodiment a method for conducting 

dynamic data authentication where the card need not remain in wireless communication with the 
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terminal is included as part of the present invention. In the dynamic data authentication of the 
preferred embodiment, also referred to herein as fast dynamic data authentication, the card creates a 
hash of the magnetic stripe data on the card and includes that hashed data in the ICC Certificate 
which is utilized with standard dynamic data authentication (DDA). The terminal receives data from 
the card comprising the magnetic stripe data and the DDA data (including the ICC Certificate). Once 
this data has been received by the terminal, the terminal needs no further data from the card for 
authentication purposes. Accordingly, the from the cardholder's perspective the transaction is 
perceived to be faster as the cardholder can remove the card from communication with the terminal 
once said data has been transmitted. The terminal then continues processing to authenticate the data 
received from the card and perform the processing for approval or disapproval of the transaction. It 
will be apparent to one of ordinary skill in the art that such an authentication method will be 
particularly advantageous in an environment where quick transaction speeds (or the perception of 
quick transaction speeds by the cardholder) are required or beneficial. 

[0036] Although the present invention has been described in conjunction with magnetic 
stripe data transactions or other data transactions it will be appreciated by one of ordinary skill in the 
art that the present invention will be effective with any type of transaction or processing which may 
be deployed on a card or device. For example, applications in which approval or disapproval of the 
transaction is determined offline (i.e., without the requirement that a third party to the transaction, 
such as an issuer, approve the transaction) by either the terminal, the card, or a combination of the 
card and the terminal are within the scope of the present invention. 

[0037] The foregoing is considered as illustrative only of the principles of the invention. 

Further, since numerous modifications and changes will readily occur to those skilled in the art, it is 

not desired to limit the invention to the exact construction and operation shown and described, and 
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accordingly, all suitable modifications and equivalents may be resorted to, falling within the scope of 
the invention. 
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